Study shows 'Zero Trust' gaining traction in NZ – but buy-in lags
This content was prepared by Datacom and is being published by NZME as an advertorial.
Zero Trust is a cybersecurity strategy being adopted globally as best practice, but it still has detractors inside many New Zealand businesses putting their organisations at risk of cyber-attacks.
Taking a Zero Trust approach means the default position for an organisation's IT security is that every person and device must be verified and authorised before getting access to information, devices or networks.
A series of high-profile data breaches and crippling denial of service attacks has moved cybersecurity to the top of the agenda for many New Zealand organisations, but Datacom CIO Karl Wright says employees, and operational IT and security teams are not being supported to understand the value of a Zero Trust approach.
A Datacom-commissioned study conducted by Forrester Consulting has shown that 83% of cybersecurity decision-makers see Zero Trust as the future of their firms' security, but only 52% of security teams and 40% of operational business and tech teams were seen as supporters of Zero Trust at the outset of implementation.
Forrester Consulting carried out the custom survey of 204 decision-makers responsible for cybersecurity strategy in Australian and New Zealand organisations, ranging in size from 200+ to 20,000+ employees.
Forty-eight percent of the decision-makers surveyed said their "stakeholders struggled to understand the business value of adopting a Zero Trust approach".
"If internal stakeholders are struggling to understand the value of Zero Trust, it's because the cybersecurity and business leaders are not giving them the information they need," says Wright.
Wright's assertion about a lack of communication is backed up by the study results.
Fifty-two percent of the decision-makers who were surveyed identified technical knowledge as the most important factor in driving Zero Trust programmes, but only 13% identified organisation-wide communication as important.
"For the IT and security teams that are going to roll this out, they need to know a Zero Trust approach will give them more visibility into their organisation's security status and make it easier to protect their business from breaches," says Wright.
"For employees, they need to know that Zero Trust is not about locking them out of the apps and data they need. Having the right Zero Trust architecture and protocols in place provides simplified, secure access to technology and information for employees and supports remote and hybrid working models."
Wright says another misconception around Zero Trust is that it requires all new systems and technology.
"There's a perception that it is costly and requires an operations overhaul. It doesn't. What it requires is a well-planned, strategic approach to implementation and organisations need to adopt a change management approach and communicate why they are making the changes and what it means for staff."
Wright says if companies can address concerns and clearly communicate its value, the adoption of a Zero Trust approach will answer many of their security challenges.
Results of the survey identified two of the biggest IT security challenges facing New Zealand organisations as the "changing/evolving nature of IT threats – internal and external" (55%) and "keeping up with privacy requirements" (50%).
Both challenges are addressed by a Zero Trust approach.
Asked about the benefits they had experienced – or anticipated experiencing – from implementing Zero Trust, survey respondents identified employee empowerment as a significant benefit.
Nearly 75% saw it empowering employees to have more flexibility to work from anywhere or any networks and 61% saw it delivering empowerment by relieving employees of the burden of security responsibility through password-free authentication alternatives such as digital certification.
Other benefits called out by survey respondents included improved prevention of a data breach (58%), data awareness and insights (47%) and compliance with security regulations (37%).
With the adoption of Zero Trust happening around the world – including in the US where the Biden Administration has directed all US government departments to adopt it as part of its national cybersecurity policy – Wright says local organisations will find there are growing expectations from customers, partners and authorities around cybersecurity policies that are in line with global best practice.
"We've seen Zero Trust prove itself to be a highly effective answer to countering cyber threats in this age of remote and hybrid work and companies need to look at how they bring their employees on that journey."
The Forrester Consulting survey of 204 cybersecurity decision-makers in Australia and New Zealand was carried out from March 2022 – May 2022. To download the full study and analysis, visit www.datacom.com/zerotrust